3098 matches found
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code...
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code...
Description of the security update for SharePoint Server 2016: June 13, 2017
Description of the security update for SharePoint Server 2016: June 13, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code...
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code...
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code...
Microsoft Device Guard Code Integrity Policy Security Feature Bypass (CVE-2017-0215)
A security feature bypass vulnerability exists in Microsoft Windows Device Guard. The vulnerability is due to the way Device Guard improperly validates certain elements of a signed PowerShell script. A remote attacker could exploit this vulnerability by enticing a target user to open a specially...
Microsoft Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class MetasploitModule 'Windows UAC Protection Bypass Via FodHelper Registry Key', 'Description' = %q...
Zusy Malware Installs Via Mouseover – No Clicking Required
Researchers are warning of several recent spam campaigns delivering PowerPoint files that when opened contain a mouseover link that installs a variant of the Zusy malware. The malware is novel because it does not rely on macros, JavaScript or VBA macros to be enabled for the dropper file to...
Beware! This Microsoft PowerPoint Hack Installs Malware Without Requiring Macros
"Disable macros and always be extra careful when you manually enable it while opening Microsoft Office Word documents." You might have heard of above-mentioned security warning multiple times on the Internet as hackers usually leverage this decade old macros-based hacking technique to hack...
PowerShell Script Encoding Evasion
Certain evasion tools obfuscate powershell scripts in order to circumvent inspection by security software. An attacker could use such evasion methods in order to execute arbitrary code on the target...
Windows UAC Protection Bypass (Via FodHelper Registry Key)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class MetasploitModule 'Windows UAC Protection Bypass Via FodHelper Registry Key', 'Description' = %q...
WMI Event Subscription Persistence
This module will create a permanent WMI event subscription to achieve file-less persistence using one of five methods. The EVENT method will create an event filter that will query the event log for an EVENTIDTRIGGER default: failed logon request id 4625 that also contains a specified...
Parallels Desktop - Virtual Machine Escape Vulnerability
Exploit for windows platform in category local exploits + Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Ma...
Parallels Desktop - Virtual Machine Escape
Parallels Desktop - Virtual Machine Escape + Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp...
Parallels Desktop - Virtual Machine Escape
Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website :...
Parallels Desktop 12.2.0 Virtual Machine Escape
Title:A Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website...
EternalBlue Exploit Spreading Gh0st RAT, Nitol
EternalBlue, the exploit used in the WannaCry ransomware outbreak, is now being leveraged to distribute the Nitol backdoor and Gh0st RAT malware. Security researchers at FireEye said, just as WannaCry criminals did, threat actors are leveraging the same Microsoft Server Message Block SMB protocol...
Threat actors leverage EternalBlue exploit to deliver non-WannaCry payloads
The “EternalBlue” exploit MS017-010 was initially used by WannaCry ransomware and Adylkuzz cryptocurrency miner. Now more threat actors are leveraging the vulnerability in Microsoft Server Message Block SMB protocol – this time to distribute Backdoor.Nitol and Trojan Gh0st RAT. FireEye Dynamic...
Threat actors leverage EternalBlue exploit to deliver non-WannaCry payloads
The “EternalBlue” exploit MS017-010 was initially used by WannaCry ransomware and Adylkuzz cryptocurrency miner. Now more threat actors are leveraging the vulnerability in Microsoft Server Message Block SMB protocol – this time to distribute Backdoor.Nitol and Trojan Gh0st RAT. FireEye Dynamic...